Skills, Talent and Diversity updates
Sign-up to get the latest updates and opportunities from our Skills, Talent and Diversity programme.
Shrinking the attack surface to evolve online safety
Online Safety in an Expanding Digital World
As digital services underpin more of everyday life, online safety has become a foundational requirement for trust, resilience and economic growth. From public services to critical infrastructure and consumer platforms, users expect systems to be secure by design.
At the heart of this challenge is the attack surface: the total number of ways systems, services and users can be exposed to cyber risk. As organisations digitise faster, their attack surfaces expand just as quickly. Evolving the landscape of online safety therefore depends on one core principle: reducing exposure before harm occurs.
Understanding the Attack Surface
An attack surface includes every point where a system, service or user could be targeted. This typically spans:
-
Internet-facing applications, websites and APIs
-
Cloud services and third-party integrations
-
Devices and endpoints connected to networks
-
Misconfigured, forgotten or unmanaged digital assets
-
Human factors, including identity misuse and social engineering
When these elements are not continuously understood and managed, they increase the likelihood of incidents that directly impact users, availability and trust.
Why Shrinking the Attack Surface Matters for Online Safety
Much of the online safety conversation focuses on detection, moderation or response after something goes wrong. While essential, this approach alone is not enough.
Attack surface reduction is preventative by nature. By limiting the number of exploitable entry points, organisations reduce the likelihood that users, services or sensitive data are put at risk in the first place.
This supports online safety in three important ways:
- Reducing opportunities for exploitation: Fewer exposed assets mean fewer pathways for attackers to disrupt services or compromise users.
- Lowering systemic risk: Proactively identifying and fixing weaknesses helps prevent issues from cascading across interconnected digital ecosystems.
- Protecting trust at scale: When digital platforms remain available and uncompromised, users maintain confidence in the systems they rely on.
In this way, shrinking the attack surface contributes directly to a safer, more resilient online environment.
Practical Steps to Reduce Digital Exposure
Evolving online safety requires continuous effort rather than one-off controls. Key practices include:
- Continuous asset visibility: Maintaining a real-time view of all digital assets, including shadow IT and third-party dependencies.
- Risk-based prioritisation: Addressing the most exploitable and high-impact weaknesses first, rather than treating all issues equally.
- Strong identity and access controls: Applying least-privilege principles and multi-factor authentication to reduce user-level exposure.
- Ongoing monitoring and validation: Detecting misconfigurations and changes that increase exposure before they are exploited.
- Shared responsibility for safety: Embedding security awareness across teams so online safety is not confined to technical functions alone. Together, these measures help organisations shift from reactive defence to proactive safety.
- Security as a Foundation for Safer Digital Growth: Too often, security is viewed as a brake on innovation. Reducing the attack surface enables safer, faster digital progress.
When exposure is controlled, organisations can deploy new services with confidence, regulators gain assurance, and users benefit from platforms that are both accessible and resilient. Online safety and innovation are not opposing forces, they are mutually reinforcing.
Evolving Online Safety Through Prevention
Evolving the landscape of online safety requires more than responding to threats as they emerge. It demands systemic prevention, grounded in visibility, control and continuous improvement.
By shrinking the attack surface, organisations strengthen the foundations of online safety, protect users from harm, and build the trust needed for a secure digital future.
About the campaign
techUK’s TechTogether campaign continues with a focus on ‘Evolving Online Safety'. Our insights this week focus on ensuring AI systems are designed, governed and deployed responsibly, with diverse perspectives shaping how technology impacts society, strengthening cyber defences and reducing vulnerabilities as organisations adopt new technologies and expand digital services, and addressing workplace culture, leadership and systemic barriers to ensure diverse voices shape the future of technology.
TechTogether week 4
Other opportunities to get involved:
Other related insights:
Authors
Jon Barkworth
Jonathan Barkworth is Global SVP of Marketing at Sitehop, where he leads the company’s global brand, growth, and go-to-market strategy. He is focused on building and telling the Sitehop brand story, positioning the business as a category-defining technology company through thought leadership, compelling narratives, and consistent market presence. Jonathan oversees the full growth engine across brand, demand, content, communications, and partnerships, working closely with product, sales, and leadership teams to translate Sitehop’s technology and vision into tangible comms. His work is centred on showcasing Sitehop’s smart people, technology leadership, powerful platform and customer outcomes to customers, prospects, investors, and the media.
